On Thu, Apr 08, 2004 at 10:50:33AM +0000, Mark wrote: > Purl Gurl (in alt.apache.configuration) wrote: > > > tz wrote:
Advertising
> >> Running Apache/1.3.27 (Unix) here. > > > > Excellent. Apache 1.3.27 is the best > > version of all Apache releases. Next > > two, .28 and .29 have some bugs. > > Is this true? I very much doubt it. Since I recently upgraded to 1.3.29 > myself (on FreeBSD 4.9R-p3), it doesn't hurt to ask, though. It's not in agreement with what it says on http://httpd.apache.org/. apache-1.3.29 is a security release, as well as being a bug fix release. The Apache Software Foundation is not shy about admitting mistakes or shortcomings: if they felt that an older release was substantially better for most people to run, that information would be plastered all over their front page. There is a bug to do with mod_usertrack and the CookieName directive which is a current issue in the latest versions of apache. However, it's something that will only affect a few apache users, and there's a simple work-around. It's not so significant they've produced a new release right away, nor is it anything like as important as the buffer overflow fixed with the release of 1.3.29, exploitation of which could allow an attacker to DoS your server or even run arbitrary code upon it. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
pgp00000.pgp
Description: PGP signature
